22 matches found
PDM: Project-Local State and Config Writes Follow Symlinks
Summary PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...
GHSA-GHQ2-5C67-FPRM PDM: Project-Local State and Config Writes Follow Symlinks
Summary PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...
EUVD-2009-4106
Malware in sbrugna...
CVE-2024-37153
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...
OESA-2024-1810 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Und...
CVE-2024-37153
The CVE-2024-37153 issue affects Evmos (EVM hub on Cosmos). A vulnerability occurs when a local state change happens together with an ICS20 transfer within the same function, using the contract’s address as the sender in an ICS20 precompile transfer. This enables an effective “infinite money glit...
CVE-2024-37153 Evmos's contract balance not updating correctly after interchain transaction
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...
CVE-2024-37153 Evmos's contract balance not updating correctly after interchain transaction
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...
OPENSUSE-SU-2023:0297-1 Security update for opera
This update for opera fixes the following issues: - Update to 103.0.4928.16 CHR-9416 Updating Chromium on desktop-stable- branches CHR-9433 Update Chromium on desktop-stable-117-4928 to 117.0.5938.89 CHR-9449 Update Chromium on desktop-stable-117-4928 to 117.0.5938.132 DNA-110337 Opera Intro...
DEBIAN-CVE-2022-23633
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...
CVE-2022-23633 Exposure of sensitive information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...
StrongSwan Security Mechanism Bypass Vulnerability
strongSwan is an open source IPsec-based VPN solution for Linux. The server implementation of the EAP-MSCHAPv2 protocol in strongSwan's eap-mschapv2 plugin fails to properly validate the local state, allowing a remote attacker to bypass authentication by sending an empty Success message in respon...
Weld: Limited information disclosure via stale thread state
It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...
Weld: Limited information disclosure via stale thread state
It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...
Weld: Limited information disclosure via stale thread state
It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...
Weld: Limited information disclosure via stale thread state
It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...
postgresql: SQL privilege escalation via modifications to session-local state
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain...
Ubuntu Update for PostgreSQL vulnerabilities USN-876-1
Ubuntu Update for Linux kernel vulnerabilities USN-876-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8761.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for PostgreSQL vulnerabilities USN-876-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
USN-876-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. CVE-2009-4034 It wa...
FreeBSD Ports: postgresql-client, postgresql-server
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...